About the role

Information Security Management Systems Implementation Consultant (Contract – Outside IR35)

Location: Remote (HQ: Teesside)

Contract Length: 6 months

NRG is delighted to partner with a growing, mid-sized organisation on an exciting new opportunity for an experienced ISMS Implementation Specialist to lead the delivery of a full ISO 27001-aligned Information Security Management System (ISMS).

You’ll be the hands-on lead responsible for designing and implementing an operational, production-ready ISMS , with the potential for certification in a future project phase. You’ll work closely with leadership, IT, and operations to bring structure, compliance, and scalability to their maturing security posture.

What You’ll Be Doing

ISMS Framework & Governance

• Establish a fully compliant ISMS framework aligned to ISO 27001 standards

• Build and formalise the ISMS Governance Council and internal Information Security Team structures

• Develop all core policies, procedures, and controls across the business

• Implement risk assessment processes and treatment plans

• Launch internal audit and management review programmes

Security Configuration & Technical Delivery

• Configure Microsoft 365 security settings (DLP, conditional access, info protection etc.)

• Review and enhance controls for a custom CRM application on AWS (OWASP-compliant)

• Integrate Vanta (existing compliance monitoring platform) with the ISMS

• Directly implement security controls where possible or brief/manage the ITSM provider

• Document all technical processes and configurations for long-term sustainability

Operational Readiness & Handover

• Ensure the ISMS is fully operational and self-sustaining

• Support training and upskilling of governance council and ISMS roles

• Establish competency frameworks, documentation packs, and evidence collection systems

• Formalise key business processes (incident response, risk, continuous improvement)

What We’re Looking For

• Proven track record implementing ISO 27001-aligned ISMS in similar-sized organisations (50–200 employees).

• Hands-on experience configuring Microsoft 365 security tools (DLP, CA, compliance centre, etc.).

• Strong understanding of governance frameworks, especially involving business-led councils and stakeholder engagement.

• Experience working with regulators such as FCA or ICO across diverse technical environments.

• Confident leading ISMS delivery independently, with structured project plans and clear documentation.

• Familiar with Vanta or similar compliance automation platforms (Drata, Tugboat Logic, etc.).

• ISO 27001 Lead Implementer certification preferred but not essential.

Why Apply?

• Autonomy: Full ownership of ISMS Phase 1 - from design to delivery

• Flexibility: Fully remote contract role, with support from a responsive leadership team

• Impact: Shape the organisation’s long-term information security maturity

• Tools: Leverage a modern tech stack (M365, AWS, Vanta, cloud SaaS)

If this role sounds of interest, click ‘apply now’ and a member of our team will be in touch.

NRG is an equal opportunities employer committed to promoting a diverse and inclusive workplace. We oppose all forms of unlawful or unfair discrimination on the grounds of any protected characteristic. Our aim is to create an environment that encourages diversity, builds on individual differences, and responds equitably to the needs of all. We proactively take steps to fulfil our legal obligations, remove barriers, monitor for fairness, reflect the communities we serve, and enforce a zero-tolerance policy for breaches of our Equality and Diversity policy.